From 5d14f3c03a628f72fca05bb8e0434a91cdf50e94 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Fri, 30 May 2014 17:09:05 +0300 Subject: dev-manual: Updates to the "Making Images More Secure" section. Fixes [YOCTO #5482] Applied extensive review edist from Paul Eggleton throughout this section. (From yocto-docs rev: aa0bcd9199c83b43bad2390ff2292a8c2abe7455) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- .../dev-manual/dev-manual-common-tasks.xml | 120 ++++++++++++++++----- 1 file changed, 92 insertions(+), 28 deletions(-) (limited to 'documentation/dev-manual/dev-manual-common-tasks.xml') diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index 89437f7764..dffba96e7d 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -3841,14 +3841,46 @@ Making Images More Secure - If securing your image is of concern, there are steps, tools, + Security for a device is always a concern. + Consider the issues and problems discussed in just this + sampling of work found across the Internet: + + + "Security Risks of Embedded Systems" + by Bruce Schneier + + + "Internet Census 2012" + by Carna Botnet + + "Security Issues for Embedded Devices" + by Jake Edge + + + "They ought to know better: Exploiting Security +Gateways via their Web Interfaces" + by Ben Williams + + + + + + When securing your image is of concern, there are steps, tools, and variables that you can consider to help you reach the security goals you need for your particular device. Not all situations are identical when it comes to making an image secure. Consequently, this section provides some guidance and suggestions for consideration when you want to make your image more secure. - The section does not offer a complete solution. + + + + Because the security requirements and risks are + different for every type of device, this section cannot + provide a complete reference on securing your custom OS. + It is strongly recommended that you also consult other sources + of information on embedded Linux system hardening and on + security.
@@ -3895,7 +3927,10 @@ Ensure you remove or disable debugging functionality before producing the final image. - + For information on how to do this, see the + "Considerations Specific to the OpenEmbedded Build System + section. + Ensure you have no network services listening that are not needed. @@ -3929,6 +3964,7 @@ + Use the following line in your - local.conf file - to enable the security compiler and - linker flags to your build: + local.conf file or in your custom + distribution configuration file to enable the security + compiler and linker flags to your build: require conf/distro/include/security_flags.inc @@ -3966,38 +4003,65 @@ sure that it does not have "debug-tweaks" before producing your final image. Among other things, leaving this in place sets the - root password as blank. + root password as blank, which makes logging in for + debugging or inspection easy during + development but also means anyone can easily log in + during production. It is possible to set a root password for the image. - For information on how to do that, see the - How do I set or change the root password - Wiki page. + When you set up root passwords for multiple images, + you should not duplicate them. + See the note on passwords at the end of this list. + + + To set up a root password, + use the extrausers + class, which is the preferred method. + For an example on how to set up the root password, + see the + "extrausers.bbclass" + section. + + You can also see the the example in the + How do I set or change the root password Wiki + page as an alternative method. + It is possible to add an additional user account - for later administrative or service access using the - extrausers - class or the - ROOTFS_POSTPROCESS_COMMAND - variable. - For an example on how to add users, see the - "extrausers.bbclass" - section. + for later administrative or service access. + As with root passwords, be sure to not duplicate + passwords for generic users (e.g. tester, qa, and + so forth) across multiple devices. + See the note on passwords following this list. - If you do add extra user accounts, - be cautious about setting - the same password for every device. - If you want the device to remain secure - from unauthorized access, and the password set on - all devices becomes compromised, then every device - becomes compromised. - If you need this access but want to ensure security, - consider setting a different, random password for each - device. + + As with the root password, you also use the + extrausers + class. + + + Consider enabling a Mandatory Access Control (MAC) + framework (such as SMACK or SELinux) and tuning it + appropriately for your device's usage. + + + A Note about Passwords + When adding extra user accounts or deciding on root + passwords for multiple devices, be cautious about setting + the same passwords for multiple users or devices. + If you want the device to remain secure from unauthorized + access, and the password set on all devices becomes + compromised, then every device becomes compromised. + If you need this access but want to ensure security, + consider setting a different, random passwords for each + user or device. + +
-- cgit v1.2.3-54-g00ecf